Re: pg_cancel_backend by non-superuser - Mailing list pgsql-hackers

From Daniel Farina
Subject Re: pg_cancel_backend by non-superuser
Date
Msg-id CAAZKuFap2ybVjh4XvBo1jJOPFRLeaK6VPUdSCGj61kron8qTDQ@mail.gmail.com
Whole thread Raw
In response to pg_cancel_backend by non-superuser  (Daniel Farina <daniel@heroku.com>)
List pgsql-hackers
On Sat, Oct 1, 2011 at 3:47 PM, Kääriäinen Anssi
<anssi.kaariainen@thl.fi> wrote:
> I would be a step in the right direction if the DB owner would see all queries
> to the DB in pg_stat_activity.

"All," including that of the superuser? I'd like to pass on that one, please.

In general, I feel there is this problem that one cannot hand over a
non-superuser but powerful role to someone else, and allowing them to
make new roles with strictly less power than what they were granted
(the opposite of role inheritance, whereby children have as much or
more power).  Right now I get the feeling that I'd rather fix that
problem in the role system then overloading what it means to be a
database owner.  If anything, to me being a database owner means the
ability to run ALTER DATABASE, and not much else.

--
fdr


pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: Bug with pg_ctl -w/wait and config-only directories
Next
From: Kääriäinen Anssi
Date:
Subject: Re: pg_cancel_backend by non-superuser